Ukraine says more than 70 government websites damaged, 10 subjected to 'unauthorized blocking'
Ukrainian law enforcement agencies said more than 70 state websites were attacked on Friday, accusing hacker groups linked to Russia's secret services, which may be behind the incident.
The attack, initially described by “big” Ukrainian officials, took over several government websites in Ukraine, including those for the Ukrainian Foreign Ministry and the Ministry of Education and Science.
In a statement, the Ukrainian Security Service, State Special Service and Cyber Police said 10 government websites were "under unauthorized control". Ukrainian news agency Ukrinform reported that the websites for energy, treasure, environment, veterans and the state emergency service had been damaged.
The agencies said that the content on the sites had not been altered and that no personal data had been collected during the incident, despite claims made by the hackers.
“Our experts, along with ministerial and departmental administrators, have updated the work of most web resources. Also at the SBU initiative, several state emergency facilities were cut off, including the public services portal Action, to localize the technical. The Action mobile application worked and will operate in a consistent manner, "the statement said.
“At the same time, the report that hackers were exploiting a particular vulnerability of the content management system that appeared in the media during the day was just one of the versions being worked on. out. Now, at the end of the day, we can say with some realism that there was an attack on the supply chain, among other things. The attackers seized the infrastructure of a commercial company that had access to the rights to manage the web resources affected by the attack. "
The country's law enforcement officials are still investigating the incident and gathering evidence, noting that their investigation will continue over the weekend. CERT Ukraine has issued its own message stating that the attack may have been related to vulnerabilities in the CMS system discovered last year.
The Ukrainian tech company behind many of the websites, Kitsoft, said in a statement on Facebook that it was not the only company that had contaminated websites.
The company called the attack "complex" and said it was typically investigating for vulnerabilities but was only contracted to build the sites, without providing support. They said their government customers had no contracts for site support and that everything was "handed over to the customer" once the sites were built.
"To prevent such attacks against the state, it is important to allocate resources for regular support and modernization of IT systems," the company said.
The incident - which took place as Russia threatens to invade Ukraine - caused a great deal of uproar across Europe, but some questioned whether the concern about the invasion was needed. little damage had been done. Cybersecurity expert and journalist Kim Zetter, one of the first to note the attack, said "It helps the attacker to spread fear and their misinformation when people make more of an attack than it deserves."
Other experts said even naming what happened as an "attack" was a real joke. But despite the protests, foreign ministers across Europe issued statements criticizing the incident and pledging support for Ukraine, including officials from Belgium, Bulgaria, Latvia, Denmark, Lithuania, Poland, Norway and Romania.
NATO Secretary General Jens Stoltenberg said cyber experts in Brussels were sharing information with Ukrainian officials and others supporting Ukraine "on the ground".
"In the coming days, NATO and Ukraine will sign an agreement on enhanced cyber cooperation, including Ukrainian access to NATO's malware information-sharing platform. NATO will continue to have strong political and practical support for Ukraine, "said Stoltenberg.
In addition to the website's shortcomings, the gas wholesaler in Ukraine reported cyberattack although it is not clear whether the two were linked. Oleg Nykonorov, CEO of РГК, wrote on Facebook that they were also attacked but said he was stopped before any damage could be done.